Fido is a multi-threaded file watcher which searches files in real time for user-defined patterns. When it locates a match, it runs a user-defined program. It is useful for monitoring log files for issues and responding to them. It was designed to recognize log file rotation and start monitoring from the beginning of the new file.

log2command was created as a sort of reverse fail2ban or cheap VPN-firewall: a machine with a closed firewall can be told, by a foreign machine, to accept connections from a specific IP. log2command then keeps track of the Web server log file and watches for inactivity from the user's IP. After an amount of time, another command is executed that can remove the user's IP from the firewall, closing down the machine again. The PHP script is a command line program that can be run in the background.

agentsmith is a daemon that continuously monitors a log file for break-in attempts by remote hosts. Upon detection of a break-in attempt, it launches a user defined script or application, which can do virtually anything from sending mail messages to whatever else you might think of. The criteria for what is considered a break-in attempt can be configured by means of a regular expression.

LogShark is a simple log monitor. It can monitor multiple directories, and for each directory a different set of filename patterns can be used. Because LogShark does not lock anything, it does not prohibit removal of the files and/or directories.

syslog-notify, a utilty for modern Linux (and other Unix-like) desktops, provides a pop-up display for messages that would otherwise be written unnoticed to the system logs. The choice of messages to display (from all messages to only the most critical) is completely configurable through the standard syslog configuration files. Popups are handled via the freedesktop.org notification standard, and thus are fully integrated with the desktop environment.